With respect, it sounds like you need more than just some pointers or examples!

You need to understand what you are protecting, which will drive what level of security is required, e.g. personal info, reputation, money, etc. As Pieter said, SSL is the absolute minimum, but you need to understand the various risk vectors and how to protect against each one.

Cheers
David

David Moorhouse (BCom) | Principal Software Engineer - HealthOne
Pegasus Health (Charitable) Ltd
P: 03 353 0871 | W: www.pegasus.org.nz
E: [email protected]
PO Box 741, Christchurch 8140
401 Madras St, Christchurch 8013

From: [email protected] [mailto:[email protected]] On Behalf Of Pieter De Wit
Sent: Wednesday, 1 August 2018 11:23 a.m.
To: NZ Borland Developers Group - Delphi List
Cc: [email protected]
Subject: Re: [DUG] How to make secure MySQL

Hi,

Store the passwords as a salted sha256 or something:

(Sorry, my Delphi is a bit rusty)

    passhash=sha256("SALT1234"+real_password+"SALT4321");

Also, use SSL on the MySQL layer :)

Cheers,

Pieter

On 1/08/2018, at 11:19 AM, <[email protected]> wrote:

Hi all

Can anybody give me some pointers and/or examples of how to make my web app – using MySQL – secure?
At the moment I'm just transferring the bare passwords across, not a good idea I guess.
Secondly, once logged in, a session variable determines a logged in status – safe enough?

Thanks for any reply.

John C

_______________________________________________
NZ Borland Developers Group - Delphi mailing list
Post: [email protected]
Admin: http://delphi.org.nz/mailman/listinfo/delphi
Unsubscribe: send an email to [email protected] with Subject: unsubscribe
